#! /usr/bin/env python###############################################################################                                                                         #### scapy.py --- Interactive packet manipulation tool                       ####              see http://www.secdev.org/projects/scapy/                  ####              for more informations                                      ####                                                                         #### Copyright (C) 2003  Philippe Biondi <phil@secdev.org>                   ####                                                                         #### This program is free software; you can redistribute it and/or modify it #### under the terms of the GNU General Public License version 2 as          #### published by the Free Software Foundation; version 2.                   ####                                                                         #### This program is distributed in the hope that it will be useful, but     #### WITHOUT ANY WARRANTY; without even the implied warranty of              #### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU       #### General Public License for more details.                                ####                                                                         ################################################################################# $Log: scapy.py,v $# Revision 1.0.5.1  2006/10/19 15:56:43  pbi# Release 1.0.5## Revision 1.0.4.106  2006/10/17 16:50:19  pbi# - fixed ScapyFreqFilter (ticket #19)## Revision 1.0.4.105  2006/10/17 16:12:03  pbi# - added 'count' parameter to send()/sendp() and __gen_send() to send the same set of#   packets a given number of times## Revision 1.0.4.104  2006/10/17 16:06:26  pbi# - added alternative 'n' parameter to corrupt_bits() and corrupt_bytes()#   to specify how much bits/bytes to corrupt, instead of working with percentages## Revision 1.0.4.103  2006/10/06 17:33:53  pbi# - added doc strings to Field class (ticket #14)## Revision 1.0.4.102  2006/10/06 17:17:08  pbi# - added my_globals parameter to autorun_commands() and all autorun_get_*() (ticket #15)## Revision 1.0.4.101  2006/10/06 17:09:10  pbi# - used get_it() in get_if_raw_addr()# - made interfaces with no IP return 0.0.0.0 (ticket #16)## Revision 1.0.4.100  2006/10/06 16:59:24  pbi# - removed all <tab> inconsistencies (ticket #17)## Revision 1.0.4.99  2006/10/06 16:33:08  pbi# - fixed typo in ISAKMPAttributeTypes (ticket #13)## Revision 1.0.4.98  2006/10/06 16:31:41  pbi# - added additionnal DHCP Options (ticket #11)## Revision 1.0.4.97  2006/10/06 15:34:38  pbi# - fixed DHCPtypes value (ticket #10)# - added new DHCPtypes values## Revision 1.0.4.96  2006/10/06 14:53:59  pbi# - fixed WEP building (broken since 1.0.4.86)## Revision 1.0.4.95  2006/10/06 14:53:19  pbi# - moved payload building call into a hookable method outside Packet.do_build()## Revision 1.0.4.94  2006/10/06 14:02:24  pbi# - now import Set object to have it on hand## Revision 1.0.4.93  2006/10/06 14:01:55  pbi# - moved field initialization from default valies from Packet.__init__()#   to Packet.init_fields()## Revision 1.0.4.92  2006/10/06 14:00:31  pbi# - WARNING: internal API change. Packet.do_dissect() now only dissects current layer.#   Pre/post_dissect hooks and payload dissection are called from Packet.dissect().## Revision 1.0.4.91  2006/10/06 12:24:56  pbi# - added fragmentation informations in IP.summary()## Revision 1.0.4.90  2006/10/06 12:24:11  pbi# - Packet.name is now automatically set to the class name if not specified## Revision 1.0.4.89  2006/10/06 12:22:47  pbi# - fixed StrFixedLenField.i2len() to return field actual length instead of fixed length that#   is already known## Revision 1.0.4.88  2006/10/06 12:20:50  pbi# - replaced type(x) is type by more correct isinstance(x, type)## Revision 1.0.4.87  2006/10/06 12:15:24  pbi# - fix corrupt_bits() probability computation## Revision 1.0.4.86  2006/09/23 19:36:30  pbi# - moved payload building from Packet.do_build() to Packet.build()# - added post build transform logic so that transformation functions can be applied#   to a freshly assembled layer## Revision 1.0.4.85  2006/09/23 06:54:37  pbi# - modified MutatedBytes/MutatedBits way of working# - renamed them CorruptedBytes/CorruptedBits# - added corrupt_bytes() and corrupt_bits() functions## Revision 1.0.4.84  2006/09/23 06:52:46  pbi# - improved import_hexcap() to handle more hexdump outputs## Revision 1.0.4.83  2006/09/11 15:50:32  pbi# - fixed some glurks is_promisc()# - added promiscping() function (A. Brodin)## Revision 1.0.4.82  2006/09/11 15:36:35  pbi# - added conf.autofragment paramter (default to 1)# - added auto IP fragmentation code into L3PacketSocket() to handle "Message Too Long" exceptions## Revision 1.0.4.81  2006/09/11 15:35:29  pbi# - changed sane() to sane_color() and added sane() that does not use color themes# - added hexstr() that returns a one line hexdump string from a string## Revision 1.0.4.80  2006/09/11 15:23:40  pbi# - fixed ISAKMPTransformSetField() to manage fields that should not use TLV encoding but need it# - changed N and D ISAKMP payload types to more explicit identifiers: Notification and Delete## Revision 1.0.4.79  2006/09/11 15:22:50  pbi# - renamed PacketList.hexdump() to PacketList.rawhexdump()# - added PacketList.hexdump() to print and hexdump of all packets topped by a summary of the dumped packet## Revision 1.0.4.78  2006/09/11 15:22:03  pbi# - added MutateBytes() volatile to randomly alter bytes in a string# - added MutateBits() volatile class to do random bitflips on a string## Revision 1.0.4.77  2006/09/11 15:20:47  pbi# - added IncrementalValue() volatile class for sequence number fields## Revision 1.0.4.76  2006/09/11 12:53:52  pbi# - Use random.randrange() instead of random.randint() for RandNum()# - RandInt() now reaches 2**32-1# - added RandSInt() and RandSLong() for signed values## Revision 1.0.4.75  2006/09/11 12:51:10  pbi# - Entries in arp_cache are now permanent if they have 0 or None instead of timeout## Revision 1.0.4.74  2006/08/27 17:36:08  pbi# - tweaked make_*_table() to add horizontal separation lines## Revision 1.0.4.73  2006/08/27 16:11:06  pbi# - added multiplot to plot many series from the same packet list. The function must returns#   a couple whose first element is the label of a serie and the second is the data to plot.## Revision 1.0.4.72  2006/08/27 15:13:36  pbi# - WARNING: API change. crc32() is now the zlib function.#   crc32(0xffffffffL, s) --> ~crc32(z)&0xffffffffL## Revision 1.0.4.71  2006/08/27 14:16:47  pbi# - fixed possible failures in DNS.summary()## Revision 1.0.4.70  2006/08/27 14:11:38  pbi# - improved L3PacketSocket to build the list of interfaces only when needed (promisc=1)## Revision 1.0.4.69  2006/08/27 14:10:05  pbi# - added gz parameter to PcapWriter (and thus wrpcap()) to gzip captures# - added abilty to read gzipped pcap files in PcapReader (and thus rdpcap())## Revision 1.0.4.68  2006/08/27 13:59:20  pbi# - changed Net representation for it to work with Packet.command()## Revision 1.0.4.67  2006/08/27 13:58:48  pbi# - added diffplot() to PacketList to plot a function of couples (l[i],l[i+delay])## Revision 1.0.4.66  2006/08/27 12:52:13  pbi# - added prototype to psdump() and pdfdump() docstring## Revision 1.0.4.65  2006/08/27 12:47:32  pbi# - have srloop() and srploop() return results of all probes## Revision 1.0.4.64  2006/08/11 12:24:31  pbi# - patched getmacbyip() to handle IP multicast and return the right MAC multicast## Revision 1.0.4.63  2006/08/11 12:13:45  pbi# - fixed lambda filtering in PacketList.plot()## Revision 1.0.4.62  2006/08/11 12:12:51  pbi# - fixed reinstantiation of a PacketList as parameter to another PacketList## Revision 1.0.4.61  2006/08/11 12:11:10  pbi# - added docstring to route.delt()## Revision 1.0.4.60  2006/08/11 12:10:41  pbi# - fixed /proc/net/route parsing to handle reject routes## Revision 1.0.4.59  2006/08/05 15:38:50  pbi# - added ActionField(): a wrapper to put arround a field that will trigger the call of a method#   each time a value is manually set into a field## Revision 1.0.4.58  2006/08/05 15:37:31  pbi# - fix: moved call to superclass' constructor in EnumField's constructor## Revision 1.0.4.57  2006/07/28 21:57:19  pbi# - fixed get_if_hwaddr() exception catching in SourceMACField and ARPSourceMACField## Revision 1.0.4.56  2006/07/28 17:24:39  pbi# - fixed typo in inet_pton## Revision 1.0.4.55  2006/07/19 17:23:30  pbi# - fix: ls() look for Packet subclasses in both globals() and __builtin__## Revision 1.0.4.54  2006/07/19 17:13:25  pbi# - forced _ special variable initisalization to None in autorun_commands()## Revision 1.0.4.53  2006/07/17 17:35:48  pbi# - replaced getattr() by Packet.getfieldval() in FieldLenField.i2m()## Revision 1.0.4.52  2006/07/17 17:28:20  pbi# - improved MACField.i2m()## Revision 1.0.4.51  2006/07/17 17:27:40  pbi# - changed Packet.__iter__() to clone unrolled packets without transforming fields values through i2h() and h2i()## Revision 1.0.4.50  2006/07/17 15:18:06  pbi# - added Packet.getfieldval() and NoPayload.getfieldval() to return the internal value of a field# - changed Packet.__getattr__() to use Packet.getfieldval()# - changed do_build, do_build_ps, guess_payload_class, __eq__, haslayer, getlayer to use Packet.getfieldval()## Revision 1.0.4.49  2006/07/17 14:00:53  pbi# - fixed little endian fields for big endian machines (replaced @ by <)## Revision 1.0.4.48  2006/07/17 13:43:04  pbi# - simplified PacketListField.addfield()## Revision 1.0.4.47  2006/07/17 13:42:09  pbi# - simplified Dot11SCField.is_applicable()## Revision 1.0.4.46  2006/07/17 13:40:55  pbi# - added __nonzero__() methods to Packet and Payload for the first to be true and the second#   to be false without assembling the packet## Revision 1.0.4.45  2006/07/17 13:37:19  pbi# - fixed Ether_Dot3_Dispatcher() to make it work with no arguments## Revision 1.0.4.44  2006/07/13 09:52:57  pbi# - Fixed 3BytesField assembling (N. Bareil, ticket #6)## Revision 1.0.4.43  2006/07/12 16:07:11  pbi# - fixed docstring of Packet.post_dissection()## Revision 1.0.4.42  2006/07/12 13:36:01  pbi# - added Packet.from_hexcap() class method## Revision 1.0.4.41  2006/07/12 13:35:37  pbi# - added a Packet.pre_dissect() hook## Revision 1.0.4.40  2006/07/12 13:23:19  pbi# - Added a Ether/802.3 dispatcher for "Ethernet" linktype# - 802.1q use LLC payload if type < 1500# - enhanced Dot3.mysummary()## Revision 1.0.4.39  2006/07/11 22:40:37  pbi# - fixed Dot11.answers() behaviour for management frames (L. Butti, ticket #5)## Revision 1.0.4.38  2006/07/11 22:37:36  pbi# - fixed endianness of some 802.11 fields (L. Butti, ticket #3)## Revision 1.0.4.37  2006/07/11 22:36:06  pbi# - removed SC field from 802.11 control frames (L. Butti, ticket #4)## Revision 1.0.4.36  2006/07/11 22:10:01  pbi# - fixed TCPOptionsField to support SAck option (P. Lindholm, ticket #3)# - strengthened TCPOptionsField against bad options## Revision 1.0.4.35  2006/07/11 21:57:37  pbi# - fix typo## Revision 1.0.4.34  2006/06/23 17:35:43  pbi# - improved error message details for get_if_hwaddr()## Revision 1.0.4.33  2006/06/23 17:33:38  pbi# - arping() function can update ARP cache if parameter cache=1 (D. Schuster, ticket #2)## Revision 1.0.4.32  2006/06/23 16:27:44  pbi# - fixed: overloaded volatile fields were not fixed for sending## Revision 1.0.4.31  2006/05/27 23:04:41  pbi# - fixed possible loop in TCP options## Revision 1.0.4.30  2006/05/25 18:00:40  pbi# - added split_layers(), split_top_down() and split_bottom_up() to undo the#   effects of bind_layers(), bind_top_down() and bind_bottom_up()## Revision 1.0.4.29  2006/05/25 10:25:32  pbi# - added missing SPI field for ISAKMP_payload_Proposal## Revision 1.0.4.28  2006/05/25 09:23:16  pbi# - almost reversed Field.h2i() removal patch (1.0.4.25) (changed my mind :))# - had Field.any2i() use Field.h2i()## Revision 1.0.4.27  2006/05/24 21:15:22  pbi# - enhanced Packet.__getattr__ prettiness## Revision 1.0.4.26  2006/05/24 20:50:47  pbi# - enhanced prettiness of DNSRRCountField## Revision 1.0.4.25  2006/05/24 20:49:44  pbi# - removed h2i() methods from Field API## Revision 1.0.4.24  2006/04/29 13:52:35  pbi# - added next_payload value overloading for ISAKMP layers## Revision 1.0.4.23  2006/04/29 13:31:18  pbi# - removed forgotten debug prints..## Revision 1.0.4.22  2006/04/29 13:20:30  pbi# - fixed ISAKMPTransformSetField# - fixed ISAKMP_payload_Transform length calculation## Revision 1.0.4.21  2006/04/29 12:48:13  pbi# - WARNING: Field API changed. parameter shift must be now provided to the#   length-varying field and not to the length field.# - added Field.i2len() method to return the length of a field (the number of#   bytes in the raw packet string)## Revision 1.0.4.20  2006/04/28 21:53:24  pbi# - fixed some problems with Packet.haslayer()/getlayer() for empty and list fields# - reduced Packet.haslayer()/getlayer() speed overhead to the same level as older versions## Revision 1.0.4.19  2006/04/26 14:55:18  pbi# - fixed (again) filter attaching on linux/amd64 (W. Robinet)## Revision 1.0.4.18  2006/04/26 12:55:29  pbi# - fixed Dot11WEP default icv value## Revision 1.0.4.17  2006/04/26 12:55:01  pbi# - ATTENTION: API change: Packet.post_build() now takes current#   assembled layer and assembled payload separately. Thus the#   new prototype: post_build(self, pkt payload) -> pkt. post_build()#   is in charge to join current layer and payload.#   Old API will work for a small transition time.## Revision 1.0.4.16  2006/04/25 15:23:49  pbi# - added internal _iterpacket parameter to SetGen to prevent iteration over Packet instances# - bugfix: prevented iteration over Packet instances in Packet.getlayer/haslayer/show()## Revision 1.0.4.15  2006/04/24 12:27:35  pbi# - added NetFlow v1 protocol layer (M. Geli)